Charity Organizations

join us enabling the poorest of the poor toimprove their own lives

Wednesday, June 28, 2017

A
major ransomware attack June 27 hit computers nationwide in Ukraine as
well as Russia's biggest oil company and companies in the Netherlands,
France and the U.K. (Reuters)By Andrew Roth and Ellen NakashimaJune 27 at 5:33 PM

MOSCOW — A new wave of powerful
cyberattacks hit Europe and beyond on Tuesday in a possible reprise of a
widespread ransomware assault in May. Affected were a Russian oil
giant, a Danish shipping and energy conglomerate, and Ukrainian
government ministries, which were brought to a standstill in a wave of
ransom demands. The virus even downed systems at the site of the former
Chernobyl nuclear power plant, forcing scientists to monitor radiation
levels there manually.

Cyberattacks also spread as far as India and the United States, where the Merck pharmaceutical giant reported
on Twitter that “our company’s computer network was compromised today
as part of global hack.” The New Jersey-based company said it was
investigating the attack.

Cyber researchers say that the virus, which was linked to malware called
Petrwrap or Petya, used a so-called “exploit” developed by the National
Security Agency that was later leaked onto the Internet by hackers. It
is the second massive attack in the last two months to turn powerful
U.S. exploits against the IT infrastructure that supports national
governments and corporations.

The onslaught of ransomware attacks may be the “new normal,” said Mark
Graff, the chief executive of Telegraff, a cybersecurity company.

“The emergence of Petya and WannaCry really points out the need for a
response plan and a policy on what companies are going to do about
ransomware,” he said. WannaCry was the ransomware used in the May
attack. “You won’t want to make that decision at a time of panic, in a
cloud of emotion.”

Here is what you need to know about ransomware: software that locks down your files and demands payment to release them. (Sarah Parnass, Dani Player, Daron Taylor/The Washington Post)

The attack mainly targeted eastern Europe, but also hit companies in
Spain, Denmark, Norway, and Britain. Victims included the British
advertising and marketing multinational WPP and a shipping company, APM
Terminals, based at the port of Rotterdam.

But the damage was worst in Ukraine.

Researchers at Kaspersky Lab’s Global Research and Analysis Team, in
Russia, estimated that 60 percent of infected computers were located in
Ukraine, and another 30 percent in Russia.

The hacks targeted government ministries, banks, utilities and other
important infrastructure and companies nationwide, demanding ransoms
from government employees in the cryptocurrency bitcoin.

The hacks’ scale and the use of ransomware recalled the massive May
cyberattack in which hackers likely linked to North Korea disabled
computers in more than 150 nations using a flaw that was once
incorporated into the National Security Agency’s surveillance tool kit.

Cyber researchers have tied the vulnerability exploited by Petya to the
one used by WannaCry — a vulnerability discovered by the NSA years ago
that the agency turned into a hacking tool dubbed EternalBlue. Petya,
like WannaCry, is a worm that spreads quickly to vulnerable systems,
said Bill Wright, senior policy counsel for Symantec, the world’s
largest cybersecurity firm. But that makes it difficult to control — or
to aim at anyone, he said.

“Once you unleash something that propagates in this manner, it’s impossible to control,” he said.
He expressed puzzlement about why firms and governments are still being
hit. Microsoft in March made available a patch for the Windows flaw that
EternalBlue exploited.

“If you were running an updated operating system and had the latest patch, you would be protected,” Wright said.

The ransomware hit Europe in the early afternoon. Ground zero was
Ukraine. Breaches were reported at computers governing the municipal
energy company and airport in the capital, Kiev, the state
telecommunications company Ukrtelecom, the Ukrainian postal service and
the State Savings Bank of Ukraine.

The mayhem reached high into the government. Ukrainian Deputy Prime
Minister Pavlo Rozenko on Tuesday tweeted a picture of a computer screen
warning in English that “one of your disks contains errors,” then
adding in all capital letters: “DO NOT TURN OFF YOUR PC! IF YOU ABORT
THIS PROCESS, YOU COULD DESTROY ALL YOUR DATA!”

“Ta-Dam!” he wrote. “It seems the computers at the Cabinet of Ministers
of Ukraine have been ‘knocked out.’ The network is down.” His
spokeswoman published a photograph showing demands for a ransom in
bitcoins to release data encrypted by the virus.

Suspicions in Ukraine quickly fell on Russia, which annexed the Crimean
Peninsula in 2014 and has been blamed for several large-scale
cyberattacks on the country’s power infrastructure. But no proof of the
attack was brought, and Russian companies, like the oil giant Rosneft,
also complained of being hit by a “powerful hacking attack.” Photographs
leaked to the press from a Rosneft-owned regional oil company showed
computers displaying ransomware demands similar to those in Ukraine.
The virus also brought havoc to Western Europe. A.P Moller - Maersk Group,
a Danish transport and energy conglomerate, announced that “Maersk IT
systems are down across multiple sites and business units due to a cyber
attack.”

The company was trying to determine exactly how broad the attack was.
“We are assessing the situation, and of course the safety of our
employees and our operations alongside our customers’ business — these
are our top priorities,” Maersk spokeswoman Concepcion Boo Arias said.